보안기사도 공부해야 하고 일도 해야하고 문제도 풀어야 하고 할 일이 너무 많다. ㅠㅠ
그래도 하루에 한개 정도는 꾸준히 풀어야 하지 않을까 싶다 ㅎㅎ
오늘은 flee button
을 풀어보았다.
문제 정보는 다음과 같다.
1
2
3
|
click the button!
i can't catch it!
|
그리고 문제에 접속하면 아래와 같은 화면 한개가 나온다.
저기 click me!
라고 써진 버튼을 눌러야 하는 것 같은데 잡을수가 없다.
계속 멀어지기만 한다.
그래서 일단 페이지 소스보기(Ctrl + U)를 통해서 코드를 확인 해 보았다.
1
2
3
4
|
<title>Just click it!</title> <style> body {color:#fff; background-color:#000;}; </style> <script src="./p8.js"></script>
<body> </body>
<script>eval(unescape_blue14("%72%7d%71%85%7b%73%7c%84%34%87%82%77%84%73%2c%85%7c%73%83%71%6d%80%73%6b%70%7a%85%73%37%3a%2c%26%29%3a%3a%29%3d%38%29%3d%3d%29%40%3c%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3d%39%29%40%39%29%3d%37%29%38%3c%29%38%3a%29%40%39%29%40%3a%29%40%41%29%3d%6d%29%3d%39%29%3a%3b%29%38%3c%29%40%36%29%3d%72%29%40%39%29%3d%3d%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%38%29%3c%72%29%3d%36%29%40%39%29%3d%72%29%3d%6d%29%40%3b%29%40%3a%29%3d%39%29%3a%39%29%38%3c%29%3a%3c%29%3a%3a%29%3d%3d%29%3d%71%29%40%36%29%40%3b%29%40%3a%29%38%3a%29%40%3a%29%40%41%29%40%36%29%3d%39%29%3a%3b%29%38%3c%29%3d%36%29%40%3b%29%40%3a%29%40%3a%29%3d%72%29%3d%71%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%3a%29%3d%72%29%3d%37%29%40%3b%29%40%39%29%3a%3b%29%38%3c%29%3d%71%29%3d%72%29%3d%41%29%40%36%29%38%71%29%38%72%29%3a%39%29%38%3c%29%38%3a%29%3d%72%29%3d%71%29%3d%37%29%3d%6d%29%3d%3d%29%3d%37%29%3d%41%29%3a%3b%29%38%3c%29%40%3d%29%3d%3d%29%3d%71%29%3d%38%29%3d%72%29%40%3d%29%39%3a%29%3d%6d%29%3d%72%29%3d%37%29%3c%72%29%40%3a%29%3d%3d%29%3d%72%29%3d%71%29%3a%3b%29%38%70%29%3a%3d%29%3d%41%29%3d%39%29%40%41%29%3a%3b%29%39%4C%29%39%40%29%39%4C%29%39%3C%29%38%70%29%3a%39%29%38%3c%29%38%3a%29%40%3c%29%3c%72%29%3d%6d%29%40%3b%29%3d%39%29%3a%3b%29%38%3c%29%3d%37%29%3d%6d%29%3d%3d%29%3d%37%29%3d%41%29%38%3a%29%3d%70%29%3d%39%29%38%3b%29%38%3c%29%3a%3c%29%3a%3a%29%39%3b%29%3d%38%29%3d%3d%29%40%3c%29%3a%3c%29%3a%3a%29%3d%3d%29%3d%71%29%40%36%29%40%3b%29%40%3a%29%38%3a%29%40%3a%29%40%41%29%40%36%29%3d%39%29%3a%3b%29%38%3c%29%40%3a%29%3d%39%29%40%40%29%40%3a%29%38%3c%29%38%3a%29%40%38%29%3d%39%29%3c%72%29%3d%38%29%3d%72%29%3d%71%29%3d%6d%29%40%41%29%38%3a%29%40%39%29%40%3a%29%40%41%29%3d%6d%29%3d%39%29%3a%3b%29%38%3c%29%40%3d%29%3d%3d%29%3d%38%29%40%3a%29%3d%3c%29%3a%38%29%39%41%29%39%70%29%39%3c%29%3a%39%29%38%3c%29%38%3a%29%3d%3d%29%3d%38%29%3a%3b%29%38%3c%29%3d%3c%29%3d%3d%29%3d%71%29%40%3a%29%38%3c%29%38%3a%29%40%3c%29%3c%72%29%3d%6d%29%40%3b%29%3d%39%29%3a%3b%29%38%3c%29%3d%38%29%3d%72%29%38%3a%29%40%41%29%3d%72%29%40%3b%29%38%3a%29%40%3d%29%3c%72%29%3d%71%29%40%3a%29%38%3a%29%40%3a%29%3d%72%29%38%3a%29%3d%40%29%3d%72%29%3d%3d%29%3d%71%29%3a%3d%29%38%3a%29%3d%37%29%3c%72%29%40%3a%29%3d%37%29%3d%3c%29%38%3a%29%3d%36%29%40%3b%29%40%3a%29%40%3a%29%3d%72%29%3d%71%29%39%38%29%38%3a%29%3d%3d%29%3d%3a%29%38%3a%29%40%41%29%3d%72%29%40%3b%29%38%3a%29%3d%37%29%3c%72%29%3d%71%29%38%3b%29%38%3c%29%3a%3c%26%2d%2d%43%7d%70%78%45%72%7d%71%85%7b%73%7c%84%34%75%73%84%4d%7a%73%7b%73%7c%84%4a%89%53%72%2c%26%73%83%71%26%2d%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%7b%7d%85%83%73%7b%7d%86%73%45%73%83%71%72%77%86%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%79%73%89%80%82%73%83%83%45%7c%7d%79%80%43%7d%70%78%34%83%84%89%7a%73%34%7a%73%74%84%45%33%38%36%36%43%7d%70%78%34%83%84%89%7a%73%34%84%7d%80%45%33%38%36%36%43%86%6d%82%24%77%45%36%32%6d%88%45%36%32%6d%89%45%38%36%36%32%83%87%45%37%32%82%45%38%36%36%43%72%7d%71%85%7b%73%7c%84%34%75%73%84%4d%7a%73%7b%73%7c%84%4a%89%53%72%2c%2b%73%83%71%2b%2d%34%83%84%89%7a%73%34%84%7d%80%45%33%3b%36%36%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%71%7d%7c%84%73%88%84%7b%73%7c%85%45%7c%7d%79%80%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%83%73%7a%73%71%84%83%84%6d%82%84%45%7c%7d%79%80%43%72%7d%71%85%7b%73%7c%84%34%7d%7c%72%82%6d%75%83%84%6d%82%84%45%7c%7d%79%80%43"));</script>
<script>document.getElementById('hint').value="click button, if you want to get the authentication key";</script>
|
script에서 eval()
함수를 통해서 어떤 코드를 실행시킨다.
URL encoding이 되어 있는데, 이 값을 unescape_blue14()
함수에 한 번 실행시킨 후 eval()
함수를 호출한다.
unescape_blue14()
함수는 p8.js
안에 정의되어 있다.
javascript는 Chrome의 개발자 도구 콘솔 창에서 실행시킬 수 있기 때문에 개발자 도구를 통해서 함수를 실행시켜 보았다.
실행 시키니 그림처럼 코드가 나온다.
1
|
document.write(unescape_blue14("%44%72%77%86%24%77%72%45%26%73%83%71%26%24%83%84%89%7a%73%45%26%80%7d%83%77%84%77%7d%7c%42%6d%70%83%7d%7a%85%84%73%43%26%46%44%77%7c%80%85%84%24%84%89%80%73%45%26%70%85%84%84%7d%7c%26%24%7d%7c%74%7d%71%85%83%45%26%7c%7d%79%80%2c%2d%43%26%24%7d%7c%71%7a%77%71%79%45%26%87%77%7c%72%7d%87%34%7a%7d%71%6d%84%77%7d%7c%45%2b%47%79%73%89%45%3D%38%3D%36%2b%43%26%24%86%6d%7a%85%73%45%26%71%7a%77%71%79%24%7b%73%25%26%46%44%35%72%77%86%46%44%77%7c%80%85%84%24%84%89%80%73%45%26%84%73%88%84%26%24%82%73%6d%72%7d%7c%7a%89%24%83%84%89%7a%73%45%26%87%77%72%84%76%42%39%3b%36%43%26%24%77%72%45%26%76%77%7c%84%26%24%86%6d%7a%85%73%45%26%72%7d%24%89%7d%85%24%87%6d%7c%84%24%84%7d%24%78%7d%77%7c%47%24%71%6d%84%71%76%24%70%85%84%84%7d%7c%32%24%77%74%24%89%7d%85%24%71%6d%7c%25%26%46"));obj=document.getElementById("esc");document.onmousemove=escdiv;document.onkeypress=nokp;obj.style.left=-200;obj.style.top=-200;var i=0,ax=0,ay=200,sw=1,r=200;document.getElementById('esc').style.top=-500;document.oncontextmenu=nokp;document.onselectstart=nokp;document.ondragstart=nokp;
|
아래는 javascript 코드인데 위에는 또 다시 unescape_blue14()
함수를 호출한다.
그래서 얘를 또 다시 콘솔 창에서 실행을 시켜 보았다.
1
|
<div id="esc" style="position:absolute;"><input type="button" onfocus="nokp();" onclick="window.location='?key=7270';" value="click me!"></div><input type="text" readonly style="width:350;" id="hint" value="do you want to join? catch button, if you can!">
|
그랬더니 위와 같은 html 코드가 나왔다.
여기서 주의깊게 봐야 하는 부분은 <input type="button" onfocus="nokp();" onclick="window.location='?key=7270';" value="click me!">
이다.
이 부분이 눌러야 하는 button 부분인데, onclick()
메소드를 통해서 만약 버튼이 눌릴 경우 특정 위치로 이동하라고 나와있다.
이동할 페이지가 적혀 있으므로 그냥 이 경로로 이동하면 문제가 풀릴 것 같다.
역시 문제를 풀 수 있었다.
1
|
FLAG : c5339924895c8a7c774edab2d4bb396be09aea1d
|